Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Nano Banana Pro Prompts
v1.1.1
Search and recommend suitable prompts from 10,000+ Nano Banana Pro image generation prompts based on user needs. Optimized for Nano Banana Pro (Gemini), but...
by Jared.Liu @dophinl
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The skill advertises a large, auto-updating prompt library and includes a setup script that downloads categorized JSON references from a GitHub repo. The required files, README, and SKILL.md all align with that purpose. Minor metadata/version mismatches across files (registry metadata v1.1.1 vs package.json v1.5.9 vs _meta.json v1.4.4) suggest sloppy maintenance but do not contradict the declared purpose.
Instruction Scope
SKILL.md instructs the agent to run scripts/setup.js to download manifest and category JSON files, to read manifest.json and to grep category files when searching. Those actions are consistent with building and searching a local prompt library. The instructions do not ask for unrelated secrets or to read unrelated system files. The guidance to use grep (token-optimization) is unusual but not malicious; it does assume the agent can access the skill's references directory.
Install Mechanism
No install spec is provided and the included setup script fetches data from raw.githubusercontent.com — a well-known release host. The script downloads JSON data (not executable code) and writes it into a local references/ directory. This is a reasonable approach for large datasets that aren't bundled with the published skill.
Credentials
The skill declares no required environment variables or credentials. README notes .env and CMS secrets only for development and CI (not runtime). The runtime setup script uses only network access to a public GitHub URL and local filesystem writes inside the skill directory — proportional to the stated function.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system settings. It creates/updates files only under its own references/ directory and writes a local .last-updated timestamp — expected behavior for cached data.
Assessment
This skill appears internally consistent: it downloads public JSON prompt data from a GitHub repo and searches local files. Before installing, note: 1) the setup step runs node scripts/setup.js and will write files under the skill's references/ directory — run it in an environment where you expect those files to be created; 2) the data is fetched from raw.githubusercontent.com, so if the upstream repo is compromised the downloaded data could be altered (a general supply-chain risk); 3) repository metadata (version numbers) is inconsistent across files — a maintenance issue but not evidence of malicious behavior; 4) no credentials are requested for runtime, but the included dev docs reference CMS secrets for upstream sync (development/CI only). If you require higher assurance, review the actual JSON files after download (they are plain data) and run the setup script in a sandboxed environment before granting broader access to your agent.
scripts/setup.js:14
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
Like a lobster shell, security has layers — review code before you run it.
